GHSA-x8xm-c7p8-2pj2
Suggest an improvement- Source
- https://github.com/advisories/GHSA-x8xm-c7p8-2pj2
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-x8xm-c7p8-2pj2/GHSA-x8xm-c7p8-2pj2.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-x8xm-c7p8-2pj2
- Aliases
- Published
- 2025-04-10T13:38:53Z
- Modified
- 2025-04-10T23:14:13.484639Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- Silverstripe cross-site scripting (XSS) attack in elemental "Content blocks in use" report
- Details
-
An elemental block can include an XSS payload, which can be executed when viewing the "Content blocks in use" report.
The vulnerability is specific to that report and is a result of failure to cast input prior to including it in the grid field.
References
- https://www.silverstripe.org/download/security-releases/CVE-2025-25197
- Database specific
{ "nvd_published_at": "2025-04-10T13:15:51Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-79" ], "github_reviewed_at": "2025-04-10T13:38:53Z" }- References
-
- https://github.com/silverstripe/silverstripe-elemental/security/advisories/GHSA-x8xm-c7p8-2pj2
- https://nvd.nist.gov/vuln/detail/CVE-2025-25197
- https://github.com/silverstripe/silverstripe-elemental/pull/1345
- https://github.com/silverstripe/silverstripe-elemental/commit/34ff4ed498ccab94cc5f55ef9a56c37f491eda1d
- https://github.com/FriendsOfPHP/security-advisories/blob/master/dnadesign/silverstripe-elemental/CVE-2025-25197.yaml
- https://github.com/silverstripe/silverstripe-elemental
- https://www.silverstripe.org/download/security-releases/cve-2025-25197
Affected packages
Packagist / dnadesign/silverstripe-elemental
Package
- Name
- dnadesign/silverstripe-elemental
- Purl
- pkg:composer/dnadesign/silverstripe-elemental
Affected versions
2.*
2.1.2
3.*
3.0.0-beta1
3.0.0-beta2
3.0.0-beta3
3.0.0-rc1
3.0.0-rc2
3.0.0
3.0.1
3.0.2
3.1.0
3.1.1
3.1.2
3.1.3
4.*
4.0.0-beta1
4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.1.0
4.1.1
4.2.0-beta1
4.2.0
4.2.1
4.3.0
4.3.1
4.3.2
4.4.0-rc1
4.4.0
4.4.1
4.5.0
4.6.0-beta1
4.6.0-beta2
4.6.0-rc1
4.6.0
4.7.0
4.7.1
4.8.0-beta1
4.8.0-rc1
4.8.0
4.8.1
4.8.2
4.8.3
4.9.0-beta1
4.9.0-rc1
4.9.0
4.9.1
4.9.2
4.9.3
4.9.4
4.10.0-beta1
4.10.0-rc1
4.10.0
4.10.1
4.10.2
4.11.0-beta1
4.11.0-rc1
4.11.0
4.11.1
4.11.2
4.11.3
4.11.4
4.11.5
4.11.6
4.11.7
4.11.8
4.11.9
5.*
5.0.0-alpha1
5.0.0-alpha2
5.0.0-alpha3
5.0.0-beta1
5.0.0-beta2
5.0.0-rc1
5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.1.0-beta1
5.1.0-rc1
5.1.0
5.1.1
5.1.2
5.1.3
5.1.4
5.1.5
5.2.0-beta1
5.2.0-rc1
5.2.0
5.2.1
5.2.2
5.2.3
5.2.4
5.3.0-beta1
5.3.0-rc1
5.3.0
5.3.1
5.3.2
5.3.3
5.3.4
5.3.5
5.3.6
5.3.7
5.3.8
5.3.9
5.3.10
5.3.11